SAP Knowledge Base Article - Preview

3125504 - All users using SCIM with REST API can create, modify or delete user accounts in SAP CM

Symptom

Anyone, with any level of authorization, can create a new user using SCIM with the HTTP REST API without any further authentication. The SCIM API also allows anyone to assign the predefined group Administrator to the newly created users and to log on to Access Controller with full permission.

The expected behavior is that only Administrators would be able to perform these actions. 


Environment

  • SAP Convergent Mediation 4.0 by DigitalRoute.
  • SAP Convergent Mediation 4.1 by DigitalRoute.
  • SAP Convergent Mediation 4.2 by DigitalRoute.
  • SAP Convergent Mediation 4.3 by DigitalRoute.
  • SAP Convergent Mediation 4.4 by DigitalRoute.

Product

SAP Convergent Mediation 4.0 by DigitalRoute ; SAP Convergent Mediation 4.1 by DigitalRoute ; SAP Convergent Mediation 4.2 by DigitalRoute ; SAP Convergent Mediation 4.3 by DigitalRoute

Keywords

MZ, Mediation, Zone, MediationZone, Convergent, Mediation, InfoZone, Info, Zone, Access, Controller, Configuration, Using, Cross-domain, Identity, Management, KBA, XX-PART-DRT, DigitalRoute, Problem

About this page

This is a preview of a SAP Knowledge Base Article. The full version is available on SAP ONE Support launchpad (login required).
